graphql-engine

Auth0 fixed the JWKS bug, which allows using the jwks url

Open afitzek opened this issue 4 years ago • 5 comments

Description

Auth0 integration works now with jwks urls. Auth0 fixed the bug with the incorrect kid calculation. One still has to revoke a key that was created before the key was generated.

This just updates the docs, maybe also https://hasura.io/jwt-config/ could be updated.

Affected components

  • [X] Docs

afitzek avatar Apr 19 '21 07:04 afitzek

Beep boop! :robot:

Hey @afitzek, thanks for your PR!

One of my human friends will review this PR and get back to you as soon as possible.

Stay awesome! :sunglasses:

hasura-bot avatar Apr 19 '21 07:04 hasura-bot

:heavy_check_mark: Deploy Preview for hasura-docs ready!

:hammer: Explore the source changes: 5a4f162f7be6d95414f9c9a65cb1254bc1b073f1

:mag: Inspect the deploy log: https://app.netlify.com/sites/hasura-docs/deploys/60ae4e380bac310007618d58

:sunglasses: Browse the preview: https://deploy-preview-6796--hasura-docs.netlify.app

netlify[bot] avatar Apr 19 '21 07:04 netlify[bot]

Yes, please include this in the docs! The docs do not even mention the maintenance issues and security risks with the workaround for Auth0, so the docs could at least primarily suggest using the JWK URL and fixing the signing keys if necessary.

We figured this out on our own, and it turned out our signing keys were OK.

JamiesWhiteShirt avatar Jul 02 '21 08:07 JamiesWhiteShirt
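As an added example (not part of this thread or of the Hasura or Auth0 code), one way to check whether the signing keys served from a JWKS URL are consistent before relying on it. It assumes "OK" means each key's `x5t` equals the base64url SHA-1 thumbprint of its first `x5c` certificate, as RFC 7517 defines; the thread does not spell out the check. The sample JWKS uses constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """base64url without padding, the encoding RFC 7517 uses for x5t."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_jwks(jwks: dict) -> dict:
    """Map each kid to 'ok', 'mismatch' or 'no-x5c'."""
    results = {}
    for key in jwks.get("keys", []):
        kid = key.get("kid", "<no kid>")
        chain = key.get("x5c") or []
        if not chain or "x5t" not in key:
            results[kid] = "no-x5c"  # nothing to compare the thumbprint against
            continue
        der = base64.b64decode(chain[0])  # x5c is standard base64, not base64url
        expected = b64url(hashlib.sha1(der).digest())
        results[kid] = "ok" if key["x5t"].rstrip("=") == expected else "mismatch"
    return results


def keys_to_rotate(jwks: dict) -> list:
    """kids whose published thumbprint does not match their certificate."""
    return [kid for kid, state in check_jwks(jwks).items() if state == "mismatch"]


# Constructed sample data: placeholder bytes stand in for DER certificates.
CERT_A = b"constructed-cert-bytes-A"
CERT_B = b"constructed-cert-bytes-B"
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "good-key",
     "x5c": [base64.b64encode(CERT_A).decode()],
     "x5t": b64url(hashlib.sha1(CERT_A).digest())},
    # Deliberately wrong: thumbprint of the hex text instead of the raw digest.
    {"kty": "RSA", "kid": "stale-key",
     "x5c": [base64.b64encode(CERT_B).decode()],
     "x5t": b64url(hashlib.sha1(CERT_B).hexdigest().encode())},
    {"kty": "RSA", "kid": "bare-key"},
]}

if __name__ == "__main__":
    for kid, state in check_jwks(SAMPLE_JWKS).items():
        print(f"{kid}: {state}")
```

In practice the `jwks` argument would be the parsed JSON fetched from the tenant's published JWKS document; any kid reported as a mismatch is a candidate for rotation.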

Happy birthday to this PR! I was about to type up and submit my own PR, luckily I searched first.

We also are having no issues with the JWK URL, the docs were confusing.

thetimbecker avatar Apr 19 '22 21:04 thetimbecker

We unnecessarily hardcoded the key in our project for some time. As @JamiesWhiteShirt says, this has security implications and should be prioritized to be merged.

TheodorRene avatar Sep 09 '22 07:09 TheodorRene